Tag Archives: Privacy

FBI double downing on encryption horrors

Posted on by

Last week I wrote about how the Washington Post was being irresponsible by arguing that phone encryption was a greater risk than a benefit for citizens. Because the BAD GUYS or evil people would take advantage of it. Only a few days ago the director of the FBI doubled down on these statements saying that “phone encryption will take us to a very dark place.” Furthermore, the scare mongering examples he provides, cell phone data provided no help nor would have encryption been any sort of hindrance in the investigation.

Phone encryption will more likely force governments and the police to actually get warrants to search phones. As with Passwords courts can order a suspect to hand over encryption keys, in cases where the police don’t have enough evidence to earn a court order they are expected to crack it on their own with their own computer experts. This will likely lead to something of an arms race between police and encryption writers, but that’s already been happening for years.

I think that this is about something bigger than phones though. Once your average computer user has been educated in encryption for phones and loses their fear of encryption, they will likely look into encrypting or expecting their computers to come encrypted. Since phones are fairly easy to hack it makes sense to start with those spaces. However, with the massive amounts of computer leaks at companies lately, it’s likely that Microsoft will begin to encrypt their operating system, eventually consumers will expect it on their personal computers. Laptops and tablets are extremely easy to steal. With encryption it makes the theft a lot less valuable as they have to completely wipe the computer and will be unable to extract any data that might be used for identity theft.

The final end effect might be that users will have true end to end encryption. Which will make it much more difficult for the FBI, CIA, and NSA to spy on ordinary Americans. The end result of phone encryption might actually be that overall Americans have dramatically improved privacy from other Americans, businesses, and governments (not just the American government).

This is why the FBI is terrified.

Phone Encryption

Posted on by

It’s been announced that both iOS and Android are going to have fully encryptable phones which will be a huge boon for our 4th amendment rights. As well as to protect us from more mundane things like theft or simply losing your phone. Our phones these days contain as much or more personal information as our computers do these days. The average person doesn’t have any sort of two step authentication on their personal accounts on their phones. In most case people do have some sort of password protection to get into the phone, but once in it’s fairly easy to get into many applications.

For end users there’s nothing better than having a stronger security measures as in many cases companies poorly manage their security. This can be highlighted from the past week of exploits and those celebrity pictures. Encrypting phones might not prevented the celebrity leak, but in many cases it could. It’s believed that some of the hacks of Paris Hilton years ago came from hacking her phone through a BlueTooth connection, so a fully encrypted phone may have protected her from that hack.

All these things are good, however, the Washington Post has decided that this encryption is a risk to public safety because it will help criminals. This is the exact same argument that people make against BitCoin and full disk encryption. BitCoin ended up spawning SilkRoad, which has been shut down and it’s more likely that more crime is committed with dollars rather than Bitcoin. Full Disk Encryption has been used by both criminals and the more technical savvy. With the recent changes where the government can simply take your laptop at boarder crossings without any sort of warrant. Which means anyone at anytime that could have been flagged by the NSA could have their computer searched at will.

It’s more likely that encryption will protect an average person from an arbitrary search than protect a criminal. It’s likely that without everyone being encrypted, having your computer or phone encrypted would have been a huge red flag, however, with these recent changes that can’t happen. Meaning the average person will be safer as well as the fully legal with nothing to hide security conscious individuals.

The Washington Post, FBI, and other agencies are wrong. Fully encryption on our phones protects our privacy, improves our fourth amendment, and give us more control over our own devices. If the FBI and the US government is successful in creating a backdoor the encryption will be worthless and the put us more at risk as we’ll have a false sense of security.

More than two sides, the complexity of a story

Posted on by

In a lot of my writing, I typically focus on one aspect of the story. For example, with my writing about Ferguson I really focused on the wrong that I believed the police were doing. I didn’t really touch on the violence that the protesters were doing to the community (contained to the first few days) or the violence they were committing on the police. I didn’t ignore it personally, or as I was thinking about the articles, I just didn’t want to discuss it because it didn’t fit with the story I was trying to outline. That’s perfectly fine. You can’t fit everything into any given story. However, that doesn’t mean that omission was support of the actions of the protesters. I abhor their behavior and I think that it really negatively impacted their message. 

The past few days, we’ve had some pretty serious leaks. Over 100 celebrities have had their nude images leaked. The suspected culprit is iCloud. The iPhone, like most Android phones have the option to automatically backup your photos to a storage unit online. Apparently, there was a vulnerability in an application called Find My Phone, which allowed a person to try as many times as they wanted to access an account. What this meant was that brute force methods for cracking a login for an account would work eventually. It might have taken days or longer for whatever algorithm was used to crack the logins, but eventually it would have worked. There’s no way for it not. Essentially, the approach would run through as many permutations as possible for the login. furthermore, it could have actually been run concurrently on multiple different systems to test in parallel. It’s pretty horrible that someone was able to sneak into iCloud and steal these pictures, however, it’s also incumbent on the users of these systems and the owners of the systems to ensure that these simple lapses don’t happen. 

The users of these services bare a responsibility for understanding what is happening to their data once it leaves their phones. This is a requirement for any user, not just the famous. The famous likely should have someone help them with their security features, as it’s unlikely that many of them have the desire or knowledge to do it on their own. Not that this is any different for much of the rest of the population. They are as vulnerable as the famous, but aren’t a target simply by being uninteresting. 

In both cases, it’s fully acceptable to be upset by both sides of the story. It’s not impossible to say that police violence and militarization is bad and that the criminal element of the Ferguson protests is bad too. It’s also fine to say that you shouldn’t hack and that the people that develop the systems and use the systems are accountable as well. In most of our stories, there are complexities that are withheld or ignored because there is an angle the writer is going for, the story would take too long, or the writer has a low opinion of the readers. In my case, I was going for a specific angle with the Ferguson stories, because I assumed that it was obvious to the reader that the violence committed by the protesters was both known and understood to be a terrible wrong. Not mentioning it did make the police seem less rational than they were behaving though.

In the case of the leaks, most of the attention has been put on the leaker and the people enjoying the leaks, however, it’s important that we keep in mind that there’s a responsibility of the companies to keep that data safe. 

Protecting the web and user through a Internet Bill of Rights

Posted on by

The guy who helped invent the internet, no not Al Gore, Tim Berners-Lee wants a new Magna Carta for the internet. If he was American it’d be a bill of rights or declaration of independence, if he was an anarchist, it’d be a manifesto. This call for a clear set of rules for the online/cyberspace is nothing new. The first article was written in 1986 – 3 years before the internet was created. This was when kids were using phones and a few other systems to hack things. The most recent was only a few years ago from an internet website.

Creating these documents is an effort in futility. We already have a bill of rights in the US that SHOULD be protecting us from the NSA, GCHQ, CIA, and other organizations. These organizations, at least the US ones, should be forbidden from given information they “accidentally” collect on US citizens to other governments. They do though. We have secret courts with secret interpretations of laws that we as citizens have no idea what they are. How is ANOTHER Magna Carta going to help?

There’s absolutely no reason to expect our governments to abide by these new laws when they are flouting the current laws – attempting to undermine existing laws through intentionally narrower interpretations of rulings – in many cases getting slapped on the wrist later for infractions that have been going on for years.

Creating a new bill of rights, Magna Carter, or whatever will not solve the problem. The problem is not the current set of laws, though that doesn’t help, the root cause of the problem is corruption and arrogance.

Now that it’s been uncovered that the CIA hacked Congress’s Intelligence Committee, one that had been defending the NSA, there’s all sorts of kerfuffle. Congress didn’t care, excepting Ron Wyden (and a few others), until they realized that they were just as likely targets any the average Joe.

Most members of Congress are funded through companies and special interest groups. These include companies that support the NSA and other intelligence organizations. If any of those orgs funded any member of Congress on a committee that oversees anything related to intelligence gathering there’s going to be corruption. Regardless of if it’s quid pro quo or not.

We will never pass a bill of rights for the internet as long as there’s potential conflicts of interest (funded by companies that bills are trying to regulate). We must address corruption before we can hope to have an effective set of rights for the internet or anywhere else.

Sponsored data and YOU!

Posted on by

This could be your lucky day, your cellular provider is going to start offering packages where certain content doesn’t cost you anything in your data cap. This is awesome. You can start streaming more and more video/music/whatever it is that you stream from your favorite services. However, not all of your favorite services will be free of data charge! So make sure that you tell your favorite service that YOU want THEM to sign up and make their content data cap free to you! All those service providers have to do is pay your cellular provider money to stop the data caps! No, seriously, AT&T wants to do this.

Is this a problem? I think it depends on who you are. For a consumer in some cases this is pretty awesome. Let’s say you love to watch video games being streamed on Twitch.tv by your buddies over at KBMOD and Twitch decides to pay money to prevent your data from being charged against your data cap. But you’re also a huge fan of MLG and MLG just decided to start their own Twitch competitor but they can’t afford to pay those same fees. Well, guess you’ll be only watching MLG from your PC or on wifi. Too bad your favorite shows are on while you’re not able to use Wifi though! O well, Twitch is there for you though!

This is a niche market obviously. Not everyone cares about watching someone play streaming video games or even streaming video games to your phone so you can keep playing a game you were playing from home. A lot of people care about TV and movies though. We can look at this as something that’s really analogous to what Comcast was trying to do to Netflix close to two years ago. In April of 2012 Comcast announced that its Xfinity streaming service would not be charged against your Comcast data caps while Netflix streaming service would be. Netflix’s CEO argued that this violated Net Neutrality because it provided preferential treatment to one source of data over another.

What is Net Neutrality? Well, there are two different arguments, which I discuss in a blog here, where one is saying everything must be treated equally, while the other one argues that there are nuances and we can treat data differently because we need to “Groom” our networks. Internet and network purists believe that you shouldn’t even be able to determine what the data is or what the source of that data is if you’re a point along the network, just where it most recently was and where it needs to go next. The only application that can read the data in the package is the application that requested it.

AT&T’s plan, similar to Comcast’s, is in violation of Net Neutrality and the FCC will step in to regulate this type of “service” because it’s, in the end, bad for the consumer. Unfortunately, there are limitations to what the FCC can do and even potentially what AT&T can do.

There has been much more of a push for encryption and it’s likely that these pushes may actually enable more of a return to the true meaning of Net Neutrality. If all of our data is fully encrypted, deep packet inspection tools (which tell if the data you’re getting is video, music, or whatever), won’t work very well as that information will be encrypted. Furthermore, if your application’s data is all encrypted and AT&T won’t be able to tell if your data is your data then there’s no value in paying for “privileged” data status from AT&T.

It’s one of the reasons why I’ll likely support company’s like Wickr, an encrypted Snapchat competitor, which told the FBI to screw itself when they were asked to put a backdoor into their encryption. It’s important that we work to protect our data and support companies that do so in terms of Net Neutrality and encryption.

What companies do you support that encrypt and fight for net neutrality?